1. Technical Field
The present disclosure relates to denial of service attacks and, more specifically, to systems and methods for detecting denial of service attacks.
2. Description of the Related Art
Computer systems and computer networks are commonly used by corporations and institutions to store and manage sensitive information. Additionally, computer systems and networks are often used to provide the constituents of corporations and institutions with around-the-clock access to information and services through the use of websites and related web-based services.
While the use of such systems and networks has many advantages, these systems and networks present a risk to corporations and institutions that their systems and networks can be exploited or vandalized by malicious attack. Malicious attacks can be attempts by individuals to willfully and/or maliciously exploit and/or damage the public or private systems and networks of others. Malicious attacks may be launched by individuals wishing to do harm or by unscrupulous competitors desiring a competitive advantage. Malicious attacks can potentially compromise sensitive data, damage software and/or hardware, tie up valuable network resources and disrupt the availability of websites and related web-based services.
One particularly popular form of malicious attack is the denial of service attack. Denial of service is a broad term for malicious attacks that attempt to disrupt the service of websites and related web-based services, generally by bogging down targeted servers with a barrage of bogus requests or connection attempts until legitimate traffic can no longer be handled. There are many forms of denial of service attack. Examples include flooding attacks such as the SYN flood attack and the Smurf attack, malformed-packet attacks such as the Teardrop attack, and buffer overflow attacks that crash or hang a service by exploiting a software defect in it.
The buffer overflow attack, in the sense used in this disclosure, is among the most common forms of denial of service attack. In its simplest form it attempts to send a server more network traffic than the server has been designed to accept. Network traffic here means both the data sent by a system or user wishing to establish a communication connection and the data transmitted during the course of that communication. Servers, such as web servers and email servers, often use a data buffer to temporarily store traffic that arrives while the server is busy processing other traffic. Data buffers have a limited capacity, selected according to the volume of traffic the server has been designed to accommodate. A barrage of network traffic can fill that buffer faster than the server drains it. Once the buffer is full, further traffic cannot be stored because there is no free space to accommodate it, so requests sent to the server are refused or silently dropped and the server is effectively unusable for its intended purpose even though it has not crashed.
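The following is an added illustration of the bounded-buffer exhaustion described above; it is not code from the disclosure. It models a receive queue with an assumed capacity of 64 requests and an assumed service rate of 8 requests per tick, feeds it a normal load and then a burst, counts the requests that find no free space, and applies an assumed detection rule (more than 10% of requests in the window dropped). The queue size, service rate, burst sizes and threshold are all constructed values chosen for illustration.

```c
/* Added example: a bounded receive queue fed by a burst of arrivals.
 * Not part of the original disclosure; capacity, service rate, burst
 * sizes and the detection threshold are assumed values. */
#include <stdio.h>
#include <string.h>

#define QUEUE_CAPACITY 64   /* assumed: requests the server can hold while busy */
#define SERVICE_RATE   8    /* assumed: requests the server can process per tick */

struct request_queue {
    unsigned pending;   /* requests currently waiting in the buffer */
    unsigned accepted;  /* requests that found free buffer space */
    unsigned dropped;   /* requests refused because the buffer was full */
};

/* Offer one incoming request; returns 1 if buffered, 0 if dropped. */
int queue_offer(struct request_queue *q)
{
    if (q->pending >= QUEUE_CAPACITY) {
        q->dropped++;           /* no free space: the request is lost */
        return 0;
    }
    q->pending++;
    q->accepted++;
    return 1;
}

/* One tick of server work: drain up to SERVICE_RATE buffered requests. */
void queue_service(struct request_queue *q)
{
    unsigned served = q->pending < SERVICE_RATE ? q->pending : SERVICE_RATE;
    q->pending -= served;
}

/* Reset the queue, run `ticks` ticks of `arrivals_per_tick` requests each,
 * and return the number of requests dropped over the whole window. */
unsigned simulate_burst(struct request_queue *q, unsigned arrivals_per_tick,
                        unsigned ticks)
{
    memset(q, 0, sizeof *q);
    for (unsigned t = 0; t < ticks; t++) {
        for (unsigned i = 0; i < arrivals_per_tick; i++)
            queue_offer(q);
        queue_service(q);
    }
    return q->dropped;
}

/* Assumed detection rule: flag a flood when more than 10% of the requests
 * seen in the window were dropped for lack of buffer space. */
int flood_detected(const struct request_queue *q)
{
    unsigned total = q->accepted + q->dropped;
    return total > 0 && q->dropped * 10 > total;
}

int main(void)
{
    struct request_queue q;

    /* Constructed normal load: 5 requests per tick, below the service rate. */
    simulate_burst(&q, 5, 20);
    printf("normal: accepted=%u dropped=%u flood=%d\n",
           q.accepted, q.dropped, flood_detected(&q));

    /* Constructed barrage: 40 requests per tick, five times the service rate. */
    simulate_burst(&q, 40, 20);
    printf("barrage: accepted=%u dropped=%u flood=%d\n",
           q.accepted, q.dropped, flood_detected(&q));
    return 0;
}
```

Under the barrage the buffer fills on the second tick, after which only the 8 slots freed per tick can be refilled and the remaining 32 arrivals each tick are dropped; the drop ratio, not the raw arrival rate, is what distinguishes the two runs.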
Buffer overflow attacks may additionally exploit weaknesses in the targeted system to increase the effectiveness of the attack. Rather than relying on volume, such an attack sends a single value that is larger than the target server is prepared to accommodate. Because a correctly written server rejects or truncates values that are too large, an overflow of this nature depends on a specific defect in the server being targeted, typically a fixed-size buffer that is filled from an input field without a check on the field's length. For example, buffer overflow attacks may send email messages to the target server that contain attachments with 256-character file names, thereby exploiting a weakness that has been identified in certain email servers and causing the overflow with a single message rather than a barrage. Other email servers can be vulnerable to emails addressed to an email address exceeding 256 characters.
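The following is an added illustration of the missing length check behind the over-long file name weakness described above; it is not code from the disclosure or from any particular email server. It assumes a fixed 256-byte field for an attachment name and shows the unchecked copy beside a checked one. Note that a 256-character name occupies 257 bytes once the terminating NUL is counted, so even a name of exactly the field's size overruns it by one byte.

```c
/* Added example: unchecked versus checked copy of an attachment file name
 * into a fixed-size field. Not code from the disclosure; the field size
 * and function names are assumed for illustration. */
#include <stdio.h>
#include <string.h>

#define NAME_BUF 256   /* assumed: fixed-size field for an attachment file name */

/* Deliberately vulnerable form: copies without checking the length.
 * A 256-character name needs 257 bytes including its terminator, so it
 * writes one byte past the end of `dst`; longer names overwrite whatever
 * follows the buffer. Shown for contrast only; never call it with
 * untrusted input. */
void store_name_unchecked(char dst[NAME_BUF], const char *name)
{
    strcpy(dst, name);
}

/* Hardened form: reject any name that does not fit together with its
 * terminator. Returns 0 on success, -1 when the name is too long. */
int store_name_checked(char dst[NAME_BUF], const char *name)
{
    size_t len = strlen(name);
    if (len >= NAME_BUF)       /* len + 1 bytes are needed; NAME_BUF is not enough */
        return -1;
    memcpy(dst, name, len + 1);
    return 0;
}

/* Bytes a C string occupies in memory, terminator included. */
size_t bytes_required(const char *name)
{
    return strlen(name) + 1;
}

/* Constructed input: a file name of `n` 'A' characters in a static buffer. */
const char *make_name(size_t n)
{
    static char buf[2048];
    if (n >= sizeof buf)
        n = sizeof buf - 1;
    memset(buf, 'A', n);
    buf[n] = '\0';
    return buf;
}

/* Try to store an n-character constructed name through the checked path;
 * returns the checked function's result so it can be asserted on. */
int try_store(size_t n)
{
    char field[NAME_BUF];
    return store_name_checked(field, make_name(n));
}

int main(void)
{
    printf("255 chars: %s\n", try_store(255) == 0 ? "stored" : "rejected");
    printf("256 chars: %s (needs %zu bytes)\n",
           try_store(256) == 0 ? "stored" : "rejected",
           bytes_required(make_name(256)));
    printf("1000 chars: %s\n", try_store(1000) == 0 ? "stored" : "rejected");
    return 0;
}
```

The checked form uses `>=` rather than `>` precisely because of the terminator; an off-by-one in that comparison reproduces the weakness for the single boundary length the paragraph above describes.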
The use of such denial of service attacks is widespread and growing, and the threat they pose is large. An efficient and effective way of protecting computer systems and networks from this growing threat is therefore highly desirable.